
Tweaking w/Autoruns


36 replies to this topic

#1 linuxpowers

linuxpowers

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest
  • Local time:12:33 AM

Posted 30 December 2013 - 04:08 AM

Since I've become a new member, I've read a wealth of information on this site. As a result, I've been tweaking my system like crazy. :crazy:

 

I downloaded Autoruns and fired it up to see what else is loading up at startup. I found some things that I no longer needed and used msconfig to uncheck them....I'm not sure unchecking in Autoruns does the same thing....let me know if it does as that would be much simpler!

 

Anyway, I found a few items I'm not too sure about and that is my reason for posting. I'm mostly concerned at the moment with those entries that are highlighted in yellow. Not sure what the ones highlighted in pink are yet.

 

========================

"Logon Tab"

 

HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components

Internet Explorer            File not found: C:\Windows\system32\ie4uinit.exe  

 

I know this file is present and I've read on this site that it is required but I'm not sure why it's required when it doesn't even successfully load. So can I uncheck this?

 

=======================

 

"Task Scheduler Tab"

 

\ASUS\ASUS AI Suite II Execute            File not found: C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe  

\ASUS\ASUS DigiVRM Help            File not found: C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe  

\ASUS\USB 3.0 Boost Service            File not found: C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe  

 

(I believe these are from the ASUS AI Suite that I installed from a disc that came with the motherboard when I first built this system. Since that time, I uninstalled this because I found it was just a graphical representation of what I could do in BIOS already. So, can I uncheck these or do I need to do that from Task Scheduler?)

 

 

\{27319C14-41CC-4F71-9776-94F404E3AEE3}            File not found: D:\INSTALL.EXE  

\{B1DFE27B-5BEC-4A9F-8E9F-AA1B16DCA4CD}            File not found: D:\INSTALL.EXE  

\{C4E83887-0E7A-46C3-AACF-1A95E73550C8}            File not found: D:\INSTALL.EXE  

 

(Now according to your Startup Programs Database, these are probably remnants from a Trojan. What's interesting is that they are being looked for on my Blu-ray Burner...D: drive. Can I go ahead and uncheck these?)

 

=======================

 

I realize that there might be some issues other than just "unchecking" these entries but I have just gone through a malware cleanup procedure and I think some of this stuff is just remnants from that as well as old uninstalls. Can anyone advise?


Edited by linuxpowers, 30 December 2013 - 04:15 AM.

AMD FX-8120 Zambezi | GeForceGTX550Ti | 16GB G.Skill DDR3 1600 | ASUS M5A99X Evo | Windows 7HE SP1....or something like that!



 


#2 dls62

dls62

  • Members
  • 623 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Berkshire, UK
  • Local time:06:33 AM

Posted 30 December 2013 - 05:00 AM

Hi,

 

The IE entry under the Logon tab is probably a glitch following an upgrade from IE9 to IE10 (if you've done that).  The best way to resolve this particular issue is as follows:

 

1. From the Control Panel, select Programs and Features
2. Select Turn Windows features on or off
3. Uncheck the Internet Explorer 10 entry. You will get warnings of impending doom but proceed anyway
4. Restart your system
5. Repeat steps 1 to 4 but this time check the Internet Explorer 10 entry

 

When you run Autoruns again, the 'File not found' error should be gone.

 

In relation to the entries under the Task Scheduler tab, you can deselect all 6 entries from within Autoruns.  It is unusual to see scheduled tasks pointing to a removable drive.

 

If, after a couple of days, you have not seen any error messages and there are no errors relating to these entries in the event logs, then you can re-run Autoruns, right click on each of these entries and select delete.  That will completely remove them from the task scheduler.
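
Added example (not part of the thread and not any poster's code): a PowerShell check for the point above that a startup entry whose target sits on a removable drive is unusual. The function name `Get-AutostartTargetStatus` and the note wording are assumptions made for this example; the two sample entries are copied from the listing in the first post.

```powershell
# Entry names and target paths copied from the Autoruns listing in the first post.
$entries = @(
    @{ Entry  = '\ASUS\ASUS AI Suite II Execute'
       Target = 'C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe' },
    @{ Entry  = '\{27319C14-41CC-4F71-9776-94F404E3AEE3}'
       Target = 'D:\INSTALL.EXE' }
)

# Hypothetical helper: reports whether each target exists and what kind of
# drive it lives on (Fixed, Removable, CDRom, Network, NoRootDirectory, ...).
function Get-AutostartTargetStatus {
    param([hashtable[]] $Entry)
    foreach ($e in $Entry) {
        $root = [System.IO.Path]::GetPathRoot($e.Target)
        # Only drive-letter roots are resolved; bare names and UNC paths stay 'Unknown'.
        $driveType = 'Unknown'
        if ($root -match '^[A-Za-z]:\\$') {
            $driveType = (New-Object System.IO.DriveInfo($root)).DriveType.ToString()
        }
        $exists = Test-Path -LiteralPath $e.Target -PathType Leaf

        $note = ''
        if ($driveType -eq 'Unknown') {
            $note = 'not a drive-letter path: resolve by hand'
        } elseif (-not $exists -and $driveType -ne 'Fixed') {
            $note = 'missing, on a non-fixed drive: review before deleting'
        } elseif (-not $exists) {
            $note = 'missing, on a fixed drive: check for an uninstalled program'
        }

        New-Object PSObject -Property @{
            Entry = $e.Entry; Target = $e.Target; Exists = $exists
            DriveType = $driveType; Note = $note
        }
    }
}

Get-AutostartTargetStatus -Entry $entries |
    Format-List Entry, Target, Exists, DriveType, Note
```

On a machine where D: is an optical drive, the second entry is reported with DriveType `CDRom`.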



#3 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:33 PM

Posted 30 December 2013 - 05:59 AM

G'day linuxpowers,

I would be ensuring that you have system restore points in place BEFORE you start removing check marks etc etc

Better still.....a full system BACKUP would be even better.......and you can always use ERUNT to back up your registry

 

An ounce of prevention is better than a tonne of cure.

 


Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

#4 linuxpowers


Posted 30 December 2013 - 06:18 AM

 Hello to both of you and thanks for your response.

 

 

 

3. Uncheck the Internet Explorer 10 entry. You will get warnings of impending doom but proceed anyway

I have no entry for Internet Explorer 10 but I do have one for Internet Explorer 11. Does the same instruction apply? (I never use IE and I remember a windows update to IE11 just last week or so. I probably had IE9 on at the time)

 

 

I would be ensuring that you have system restore points in place

Since I've just gone through a malware cleaning process last week and reset my restore point after that, does that count? But, I've made some changes in startup since then so I should set another one.

 

 

.a full system  BACKUP would be even better.

Strangely enough, I have windows backup scheduled to run every Monday at 5am....it's running as I type! It will take some time so I think I'll let that run before I attempt any of these instructions.


Edited by linuxpowers, 30 December 2013 - 06:19 AM.



#5 dls62


Posted 30 December 2013 - 06:28 AM

Hi linuxpowers,

 

Yes, if you have IE11 installed uncheck that.



#6 linuxpowers


Posted 30 December 2013 - 06:30 AM

Gotcha...I'll post back as soon as backup finishes!

 

Thanks




#7 linuxpowers


Posted 30 December 2013 - 07:36 AM

OK...here's what I did!

I unchecked the entry for IE11 and then rebooted. Went back and re-checked it...and then went to Autoruns. I still saw the entry "file not found" for that and I also now see the following entry in yellow that was not there before:

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
   rdpclip            File not found: rdpclip  

At that time, I also unchecked those other 6 entries and then shut down and rebooted. Now, I'm running Autoruns again and I see the following:

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
   rdpclip            File not found: rdpclip  

HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components
   Internet Explorer            File not found: C:\Windows\system32\ie4uinit.exe  

The other 6 are still there but they are still unchecked! There's one more in the services that is yellow and it shows up in the Event Viewer as well:

HKLM\System\CurrentControlSet\Services
   ASInsHelp            File not found: C:\Windows\SysWow64\drivers\AsInsHelp64.sys  

for which I'm thinking was part of the ASUS AI Suite as well. So, am I doing this correctly?

 

BTW, I also noted that the last recorded entry in Event Viewer was an error that says: "Microsoft Security Client OOB stopped due to the following error: 0xC000000D"


Edited by linuxpowers, 30 December 2013 - 07:46 AM.



#8 dls62


Posted 30 December 2013 - 10:18 AM

The rdpclip entry is innocuous, even Microsoft admit to there being redundant legacy entries.

 

The Internet Explorer entry relates to the IE Per-User Initialization Utility.  As you do not use IE you can ignore this entry as well.

 

The Asus service entry can be deselected with the same suggestion as in my original reply about deselected entries.

 

In relation to the Microsoft Security Client error, do you have, or have you had, Microsoft Security Essentials installed?



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,111 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:33 AM

Posted 30 December 2013 - 02:54 PM


If you're going to keep Autoruns (which I recommend), be careful using it and be sure to read:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#10 linuxpowers


Posted 30 December 2013 - 04:53 PM

Thanks for the replies.

 

dls62:

Yes, Microsoft tells me that rdpclip Applies to Microsoft Windows 2000 Server.

 

As far as the Internet Explorer issue, yes, I only use that as an emergency backup. However, just before replying to your message, I did try to start IE and make sure it would run but I noticed it was not in the start menu anywhere. I just ended up making a quicklink on my desktop and then dragging it into the menu, but it starts.

 

Will follow on the ASUS stuff.

 

And yes, I have MSE installed currently.

 

=============

quietman7:

I am going to keep Autoruns as it seems to be a good diagnostic tool and thanks for the reading material, I'll digest all that asap!


Edited by linuxpowers, 30 December 2013 - 04:58 PM.



#11 quietman7


Posted 30 December 2013 - 06:36 PM

You edited your post but in your email notification I believe you were looking for info on Speccy System Information

#12 linuxpowers


Posted 31 December 2013 - 04:54 AM

:blush:  Sorry about that...I figured it out! SpeedFan, under the S.M.A.R.T. tab!

 

But thanks all the same!




#13 dls62


Posted 31 December 2013 - 06:54 AM

If the Microsoft Security Client OOBE error was a one-off, I shouldn't worry about it.  If it is regular then the fix is:

 

Click Start, click in the Search box, type services.msc, and then press Enter.

Search for Microsoft Antimalware Service.  Click Stop the service.

Click Start, click in the Search box, type %PROGRAMDATA%\Microsoft\Microsoft Security Essentials\Support, and then press Enter.

Locate the file MSSEOOBE.etl and delete it.

Empty your Recycle Bin.

Restart your system.

Go back into services.msc and check that the Microsoft Antimalware Service has started.  If not, ensure that the Startup Type is set to Automatic and start the service.

 

If you continue to get this error, then you will need to uninstall MSE (I would suggest using Revo Uninstaller as it does a more thorough job) and then reinstall it.



#14 quietman7


Posted 31 December 2013 - 08:54 AM

How to use Revo Uninstaller

:blush:  Sorry about that...I figured it out! SpeedFan, under the S.M.A.R.T. tab!

Yes, SpeedFan monitors voltages, fan speed, SMART status, and temperatures....it can help you investigate the reasons for an unpredictable reboot or for a failing hard disk as well as whether you are likely to experience temperature related issues.

#15 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:33 AM

Posted 31 December 2013 - 12:33 PM


I downloaded Autoruns and fired it up to see what else is loading up at startup. I found some things that I no longer needed and used msconfig to uncheck them....I'm not sure unchecking in Autoruns does the same thing....let me know if it does as that would be much simpler!

 

When you disable an entry with Autoruns, a subkey is created (AutorunsDisabled) and the disabled value is moved into that subkey. This way, you can reenable it later.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
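
Added example (not part of the thread and not Didier Stevens' or Sysinternals' code): a PowerShell listing of what is currently parked under `AutorunsDisabled` subkeys, following the mechanism described in the post above, so disabled entries can be reviewed before they are deleted or re-enabled. The function name `Get-AutorunsDisabledEntry` and the choice of keys to inspect are assumptions; the Active Setup path is the one shown in the first post.

```powershell
# Autostart keys to inspect. The selection is an assumption for this example.
$AutostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components'
)

# Hypothetical helper: returns one object per item found under an
# AutorunsDisabled subkey of the given autostart keys.
function Get-AutorunsDisabledEntry {
    param([string[]] $Path = $AutostartKeys)
    foreach ($parent in $Path) {
        $disabledPath = Join-Path $parent 'AutorunsDisabled'
        if (-not (Test-Path -LiteralPath $disabledPath)) { continue }

        $key = Get-Item -LiteralPath $disabledPath
        # Values moved directly into the subkey (Run-style entries).
        foreach ($name in $key.GetValueNames()) {
            New-Object PSObject -Property @{
                Location = $parent; Entry = $name; Data = $key.GetValue($name)
            }
        }
        # Entries that are keys rather than values (Active Setup components);
        # StubPath is the command Active Setup runs, empty for other key types.
        foreach ($sub in Get-ChildItem -LiteralPath $disabledPath) {
            New-Object PSObject -Property @{
                Location = $parent; Entry = $sub.PSChildName
                Data = $sub.GetValue('StubPath')
            }
        }
    }
}

Get-AutorunsDisabledEntry | Format-Table Location, Entry, Data -AutoSize
```

Run it from an elevated prompt so the HKLM keys are readable; no output means nothing is currently disabled in those locations.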




